Categories: Cyber Security News

New Unpatched Windows Print Spooler Bug Let Hackers Exploit The Elevation of Privilege

Microsoft issued a new security warning about the unpatched Windows Print Spooler Elevation of privilege vulnerability that allows attackers to execute an arbitrary code with the system privileges’.

“The print spooler service is a service that is running on each computer that participates in the Print Services system. The print spooler service implements the print client and print server roles, by enabling each participating system to act as a print client, administrative client, or print server for the Print Services system.”

The Vulnerability found existing in the Print Spooler service allows attackers to perform a local elevation of privilege.

Once the attackers successfully exploited this vulnerability, they could install the malicious programs, modify, change and delete the data, which also allows attackers to create new user accounts.

In order to exploit the vulnerability, an attacker needs to execute the code on a victim system, and it is a local privilege escalation vulnerability and tracked as CVE-2021-34481.

According to Microsoft report “An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. “

Mitigation:-

Microsoft published a work around for this vulnerability to secure the system from this vulnerability.

“We will update this CVE when we complete our investigation. If you wish to be notified when updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.” Microsoft said.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Critical Exim Mali Server Vulnerability Impacts 1.5 Million Email Servers

According to recent findings by security researchers, more than 1.5 million email servers are currently…

4 hours ago

AT&T Massive Data Breach – Affecting Nearly All Customers’ Call & Text Records

AT&T, one of the largest telecommunications companies in the United States, has disclosed a significant…

16 hours ago

FishXProxy Fuels Phishing Attacks with Clever Deceptive Attacks

Imagine receiving an email that looks legitimate, down to the last detail. This is the…

19 hours ago

Beware of Phishing Attack that Abuses SharePoint Servers

A massive phishing campaign exploits Microsoft SharePoint servers to host malicious PDFs containing phishing links.…

20 hours ago

Apple Warns of Users in 98 Countries of Targeted Spyware Attacks

Apple has alerted iPhone users in 98 countries about potential mercenary spyware attacks. This marks…

22 hours ago

Citrix NetScaler ADC & Gateway Impacted by regreSSHion RCE Vulnerability

Qualys discovered a critical remote unauthenticated code execution (RCE) vulnerability, CVE-2024-6387, in OpenSSH’s server (sshd).…

22 hours ago